Unrated severity · NVD Advisory · Published Jun 24, 2026 · Updated Jun 24, 2026
CVE-2026-57288
Description
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
Affected products
- Range: <=2.41.1
References
- www.jenkins.io/security/advisory/2026-06-24/ (mitre, vendor-advisory)
News mentions
- Jenkins Security Advisory 2026-06-24 · Jenkins Security Advisories · Jun 24, 2026